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DETAILED ACTION 

Applicant cancels claims 12-18 & adds new claims 22-28. 

Applicant amends claims 1 -1 1 and 1 9-21 . 

Claims 1-11 and 19-28 are presented for examination. 

Response to Arguments 

Applicant's arguments with respect to claim s 1-1 1 and 19-28 have been 
considered but are moot in view of the new grounds of rejection. 

1 . To the extent Applicant's arguments may apply, the Examiner introduces 
Gbadegesin et al (U.S. Pat App Pub 2003/0065676 A1). 

Claim Rejections - 35 USC § 102 
The following Is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form 
the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1 ) an application for patent, published under section 1 22(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21 (2) 
of such treaty in the English language. 

2. Claims 1,3-11,1 9-28 are rejected under 35 U.S.C. 1 02(e) as being anticipated 
by Gbadegesin et al (U.S. Pat App Pub 2003/0065676 Al), hereinafter referred to as 
Gbadegesin. 
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Re claim 1 : Gbadegesin teaches a wireless mobile communication device (Fig 3, 
elt 300; 1f25, lines 1-5; 1|31, lines 3-4; Fig 7a, elt 700; Fig 8, elt 800), comprising: 
at least one memory storing (1|59) 

a first domain [Fig 3, elt 31 1 and Fig 7a, elt 71 1 : "virtual machine ATVMA"] 
comprising a first set of assets [Fig 3, e.g. elts 340, "Resource Set A", R1 , R2 & R3; 
lf22; 1[29, lines 2-3; Fig 7a, elt 740, "Resource Set A"] each sharing a first level of trust 
(TABLE 2; 1[31, lines 1-10; 1[27), and 

the at least one memory storing (1[59) 

a second domain [Fig 3, elt 312 and 7a, elt 712: "virtual machine BTVMB"] 
comprising a second set of assets [Fig 3, e.g. elts 360, "Resource Set B", R4 & R5; 1122; 
1[29, lines 3-4; Fig 7a, elt "Resource Set B"] each sharing a second level of trust (TABLE 
2;1[31, lines 1-10; 1[27), 

wherein the first level of trust is different than the second level of trust (Fig 7a, 
elts 781 & 782; 1[39; Virtual Machine A comprises applications tliat may have concurrent 
access to both the Private Network and the Internet versus Virtual Machine B comprises 
an application that may have access to the Internet alone); and 

a domain controller [Fig 3, elt 380: "Management Facility"] configured to control 
the first domain and the second domain and further configured to control access to the 
first set of assets and the second set of assets (1[32-1[33); 

wherein the domain controller is further configured to receive a request to 
perform an operation affecting a particular asset in the first set of assets and to 
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determine whether the request originated from a first entity ["Principal:" ^8, lines 8-14; 
1|44] that has a first trust relationship with the first domain (1|23; Fig 4, elt 450; 1135); and 

wherein the domain controller is further configured to permit completion of the 
operation affecting the particular asset only if the request originated from the first entity, 
and wherein the domain controller is further configured to permit the first entity to 
perform operations with respect to each of the first set of assets (PO; 1134, lines 1 -4). 

Re claim 3 : Gbadegesin teaches the domain controller is configured to determine 
whether the first domain also includes the first entity (1|8, lines 11-17). 

Re claim 4 : Gbadegesin teaches wherein the first domain further includes as an 
asset a software application for which the domain controller permits completion of the 
operation upon the software application (1|22; 1|23, lines 1-3; 1|33); wherein completion 
of the operation is not permitted if the request originated with a second entity that does 
not have a trust relationship with the first domain (1|34, lines 1-4; Fig 4, elts 450^NO & 
460^ NO; 1135). 

Re claim 5 : Gbadegesin teaches a super user software application [Figs 7A & 7b: 
element 722] that has a trust relationship with both the first domain and the second 
domain (1138, lines 21-23). 

Re claim 6 : Gbadegesin teaches a plurality virtual machines wherein each virtual 
machine executes software Applications A, B & 0. While Figure 7a teaches an 
Application B that may access two resource sets in two different virtual machines and 
Figure 7b teaches a plurality of instances of Application A executing in the different 
virtual machines. The Examiner holds that it would have been obvious to one of 
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ordinary sl<ill to combine the embodiments described in Figure 7a & 7b for the purpose 
of allowing the applications of Gbadegesin in Virtual Machine B to span between both 
virtual machines to access both Resource Sets A & B. On that note, the Examiner 
holds both the first domain and the second domain include the super user software 
application as obvious over Gbadegesin as combining both Figures 7a & 7b lead one of 
ordinary skill to have predictable results when modifying Gbadegesin with the teachings 
known to one of ordinary skill. 

Re claim 7 : Gbadegesin teaches wherein the domain controller is further 
configured to receive information, and to place the information into at least one of the 
first domain and the second domain (1|33; the management facility specifies whether or 
not new instances of resources may be created by certain principals based on the 
access control lists). 

Re claim 8 : Gbadegesin teaches wherein the first set of assets are selected from 
the group consisting of: communication pipes, persistent data, properties, and software 
applications (1122). 

Re claim 10 : Gbadegesin teaches wherein each property is global, domain- 
specific, or specific to a particular software application on the wireless mobile 
communication device (1122). 

Re claims 11 and 26 : Claims 1 1 and 26 are rejected under similar grounds and 
rationale as set forth as per claim 1 stated supra. 

Re claims 9 and 19 : Gbadegesin teaches a data store for storing properties 
["Access Control ListsTACL"] (1|32; 1|33, lines 1-3), wherein the domain controller is 
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further configured to determine wlietlier the operation is permitted by properties in the 
data store, and to permit completion of the operation if the operation is permitted by the 
properties in the data store (1|33); 

wherein completion of the operation is not permitted if the operation is not 
permitted by the properties in the data store (1|34, lines 1-4). 

Re claim 20 : Gbadegesin teaches the request originates from a software 
application, and wherein the step of determining whether the operation is permitted 
further comprises checking an application property for the software application (1|8, lines 
8-14;1I32-1I33). 

Re claim 21 : Gbadegesin teaches the first set of assets includes at least two 
different assets selected from the group consisting of: communication pipes, persistent 
data, properties, and software applications (1|22; 1|45). 

Re claim 22 : Gbadegesin teaches the domain controller is further configured to 
deny completion of the operation of the particular asset if the request originated from a 
second entity that does not have the first trust relationship with the first domain (1|33; 
1|34, lines 1 -4; e.g. user C may not have access to resource set A). 

Re claim 23 : Gbadegesin teaches the second entity has a second trust 
relationship with the second domain, and wherein the domain controller is further 
configured to permit the second entity [e.g. user B / principal B] to perform operations 
with respect to each of the second set of assets (1|33: "users B and 0 may access all 
resource in resource set B."). 
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Re claims 24 and 27 : Gbadegesin teaches denying completion of the operation if 
the request originated from a second entity [e.g. user B / principal B] that does not have 
the first trust relationship with the first domain (1|33; user C may not have access to 
resource set B). 

Re claims 25 and 28 : Gbadegesin teaches the second entity has a second trust 
relationship with the second domain, and wherein the method further comprises: 
permitting the second entity to perform operations with respect to each of the second 
set of assets (1|33). The Examiner notes it would have been obvious to duplicate the 
teachings applied as per user A of Gbadegesin to a different user B. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or deschbed as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

3. Claim 2 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Gbadegesin et al (U.S. Pat App Pub 2003/0065676 A1), hereinafter referred to as 
Gbadegesin, in view of Paatero (U.S. Pat App Pub 2003/0163685 Al), hereinafter 
referred to as Paatero. 

Re claim 2 : Gbadegesin teaches all the limitations of claim 1 as previously 

stated. 
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However, Paatero teaches a key store for storing cryptographic keys associated 
with the first domain (Fig 1, elt 16"), wherein the domain controller is configured to 
determine whether the first entity is using the cryptographic keys (Paatero: Fig 2, elts 
36, 38, 40, 42, 44 & 46: 1131 -1|32). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to have modified the teachings of Gbadegesin with the teachings of 
Paatero, for the purpose of providing cryptographic methods to portable devices and 
permitting secure communications via a wireless medium. 

Conclusion 

Examiner's Note: Examiner has cited particular columns and line numbers in the 
references applied to the claims above for the convenience of the applicant. Although 

the specified citations are representative of the teachings of the art and are applied to 
specific limitations within the individual claim, other passages and figures may apply as 
well. It is respectfully requested from the applicant in preparing responses to fully 
consider the references in entirety as potentially teaching all or part of the claimed 
invention, as well as the text of the passage taught by the prior art or disclosed by the 
examiner. 

In the case of amending the claimed invention. Applicant is respectfully 
requested to indicate the portion(s) of the specification which dictate(s) the structure 
relied on for proper interpretation and also to verify and ascertain the metes and bounds 
of the claimed invention. 
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Applicant's amendment necessitated tine new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to DARREN SCHWARTZ whose telephone number is 
(571)270-3850. The examiner can normally be reached on 7am-4pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (571 )272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/D. S.I 

Examiner, Art Unit 2435 

/Kimyen Vu/ 
Supervisory Patent Examiner, Art Unit 2435 



